Application No. 10/773,717 

RCE Filed: 04/14/2008 

Reply to Office Action of: 11/23/2007 

REMARKS 

The Final Office Action mailed November 23, 2007, has been received and 
reviewed. Claims 1, 4-9, 13, 15, and 18-22 are pending in the subject application. All claims 
stand rejected. It is proposed that each of claims 1, 6-9, 15, and 20 be amended as set forth 
herein. As such, upon entry of the proposed amendments, claims 1, 4-9, 13, 15, and 18-22 will 
remain pending. It is submitted that no new matter has been added by way of the present 
amendments. Claims 1, 4-6, 9, 13, 15, and 18-22 stand rejected under 35 U.S.C. § 102(b), while 
claims 7 and 8 stand rejected under 35 U.S.C. § 103(a). Reconsideration of the subject 
application is respectfully requested in view of the proposed amendments and the following 
remarks. 

Support for Claim Amendments 

It is proposed that each of independent claims 1, 9, and 15 be amended as set forth 
herein to clarify a process executed by the secure password prompt routine for generating an 
authentication graphic. Support for these claim amendments may be found in the Specification, 
for example, at paragraphs [0016], [0022], [0024], and [0028]. It is proposed that each of claims 
6, 9, and 20 be amended as set forth herein to clarify a process for generating a digest. Support 
for these claim amendments may be found in the Specification, for example, at paragraphs 
[0017], [0018], [0023], and [0029]. 

Objections 

Claims 7 and 8 stand objected to for the informality of depending on cancelled 
claim 3. In response, claims 7 and 8 are amended to depend from independent claim 1, which is 
currently pending in the present application. 

Rejections based on 35 U.S.C. § 102(b) 

A.) Applicable Authority 

Anticipation "requires that the same invention, including each element and 
limitation of the claims, was known or used by others before it was invented by the patentee." 1 
"[P]rior knowledge by others requires that all of the elements and limitations of the claimed 
subject matter must be expressly or inherently described in a single prior art reference." 2 "The 
single reference must describe and enable the claimed invention, including all claim limitations, 
with sufficient clarity and detail to establish that the subject matter already existed in the prior art 
and that its existence was recognized by persons of ordinary skill in the field of the invention." 3 

B.) Anticipation Rejection Based on U.S. App. No. 2002/0196237 to Fernando et al. 

Claims 1, 4-6, 9, 13, 15 and 18-22 stand rejected under 35 U.S.C. § 102(b) as 
being anticipated by U.S. Application No. 2002/0196237 to Fernando et al. (hereinafter the 
"Fernando reference"). As the Fernando reference does not describe, either expressly or 
inherently, each and every element of claims 1, 4-6, 9, 13, 15 and 18-22, Applicant respectfully 
traverses the rejection of these claims, as hereinafter set forth. 

Independent claim 1, as amended hereinabove, recites a method performed by a 
client for storing a secret in a secure storage, receiving a password challenge from a server, and, 
responsive to the password challenge, calling a secure password prompt routine. In particular, 
the secure password prompt routine is employed to execute a procedure that includes, in part, 
"(1) accessing the secret in the secure storage," "(2) generating an authentication graphic based 
on the secret," and "(3) rendering a prompt at a display device," where "the prompt including a 
request for a user to input a password and the authentication graphic" (emphasis added). In this 
way, the secure password prompt routine renders a prompt on a display device that self-indicates 
its authenticity when requesting a password entry. Similarly, claims 9 and 15 recite the secure 
password prompt routine that executes a procedure that includes, in part, "rendering a prompt" 
where the prompt includes "a request for a user to input a password and the authentication 
graphic." 

1 MPEP § 2131, passim; Hoover Group, Inc. v. Custom Metalcraft, Inc., 66 F.3d 299, 302 (Fed. 
Cir. 1995). 

2 Elan Pharms., Inc. v. Mayo Foundation for Medical Educ. & Research, 304 F.2d 1221, 1227 
(Fed. Cir. 2002) (citing In re Robertson, 169 F.3d 743, 745 (Fed. Cir. 1999); Constant v. 
Advanced Micro-Devices, Inc., 848 F.2d 1560, 1571 (Fed. Cir. 1988)). 

The Fernando reference, on the other hand, displays a secure icon on a display 37 
that is separate from the display 39, where the virtual PIN pad is displayed for inputting a 
password. 4 That is, the "visible security indicator is not part of the main display 39 of a 
touchscreen incorporating the touchpad 1 but is a separate display 37 under different control 
than the main display 39." 5 Disadvantageously, the cited reference requires additional 
equipment (e.g., at least two displays and two controllers), and necessitates that a user look in 
different places (e.g., display 37 and display 39 of FIG. 3). Accordingly, it is likely that the user 
may overlook a separate display screen and input a PIN when the payment device is unsecured. 

Moreover, the independent claims recite that the authentication graphic is 
displayed responsive to a password challenge being sent from a server, which is external to the 
client device. In contrast, the Fernando reference displays the secure icon in response to an 
indication from a user to perform a financial transaction. 6 Accordingly, the Fernando reference 
does not anticipate (a) triggering generation of an authentication graphic at a client device (b) 
upon receiving a password challenge (c) from a server. 

3 Id. (emphasis added) (citing Crown Operations Int'l, Ltd. v. Solatia Inc., 289 F.3d 1367, 1375 
(Fed. Cir. 2002); In re Spada, 911 F.2d 705, 708 (Fed. Cir. 1990)). See also, PPG Indus., 
Inc. v. Guardian Indus. Corp., 75 F.3d 1558, 1566 (Fed. Cir. 1996). 

4 See Fernando reference at pg. 2, ¶ [0030]. 

5 Id. at pg. 2, ¶ [0031]. 

6 Id. at pg. 2, ¶¶ [0029]-[0030]. 

As such, for at least the reasons stated above, the Applicant suggests that claims 
1, 9, and 15 are not anticipated by Fernando and are in condition for allowance. Each of claims 
4-6, 13, and 18-22 is believed to be in condition for allowance based, in part, upon their 
dependency from claims 1, 9, and 15, respectively, and such favorable action is respectfully 
requested. 7 

Further, independent claim 9, as amended herein, recites a hash function 
embodied on the communications device to calculate a digest. In particular, calculating the 
digest includes, in part, "(1) receiving a password in response to the received password 
challenge, wherein the password is received upon the user identifying the authentication graphic 
as authentic," "(2) altering the password such that, if the digest is captured by an attacker, the 
attacker is unable to recreate the password," and "(3) calculating the digest from the password 
challenge and the altered password" (emphasis added). In this way, the password is protected 
against interception while the server, which receives the digest, is able to recognize the password 
as being valid or not. Similarly, claim 6 recites "generating a digest with a cryptographically-safe 
function that includes indicia of the received password and the received password 
challenge, wherein the digest is a communication that securely protects the password from being 
intercepted" and "sending the digest to the server, wherein the server verifies the digest by 
comparing it to a recalculated digest that includes an indicia of the password challenge and a 
stored authentic password" (emphasis added). Along these lines, claim 20 recites "receiving the 
password from the user," "altering the received password utilizing a hash function," "generating 
a digest using the altered password and the received password challenge," and "sending the 
digest to the server without directly passing the password over a communications medium" 
(emphasis added). 

7 See 37 C.F.R. § 1.75(c) (2006). 

Dissimilarly, the Fernando reference encrypts the PIN upon entry. This is distinct 
from generating a digest based on (a) an altered password and (b) a password challenge. 
Accordingly, for at least the reasons stated above, the Applicant suggests that claims 6, 9, and 20 
are not anticipated by Fernando and are in condition for allowance. 

Rejections based on 35 U.S.C. § 103(a) 

A.) Applicable Authority 

Title 35 U.S.C. § 103(a) declares that a patent shall not issue when "the differences 
between the subject matter sought to be patented and the prior art are such that the subject matter 
as a whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains." The Supreme Court in Graham v. 
John Deere counseled that an obviousness determination is made by identifying: the scope and 
content of the prior art; the level of ordinary skill in the prior art; the differences between the 
claimed invention and prior art references; and secondary considerations. 8 To support a finding 
of obviousness, the initial burden is on the Office to apply the framework outlined in Graham 
and to provide some reason, suggestion, or motivation, found either in the prior art references 
themselves or in the knowledge generally available to one of ordinary skill in the art, to modify 
the prior art reference or to combine prior art reference teachings to produce the claimed 
invention. 9 Recently, the Supreme Court elaborated, at pages 13-14 of the KSR opinion, that "it 
will be necessary for [the Office] to look at interrelated teachings of multiple [prior art 
references]; the effects of demands known to the design community or present in the 
marketplace; and the background knowledge possessed by [one of] ordinary skill in the art, all in 
order to determine whether there was an apparent reason to combine the known elements in the 
fashion claimed by the [patent application]." 10 

8 Graham v. John Deere Co., 383 U.S. 1 (1966). 

9 See, Application of Bergel, 292 F. 2d 955, 956-957 (1961). 

B.) Obviousness Rejection Based upon the Fernando reference in view of U.S. Patent 
No. 6,950,949 to Gilchrist 

Claims 7 and 8 stand rejected under 35 U.S.C. § 103(a) as being unpatentable 
over the Fernando reference in view of U.S. Patent No. 6,950,949 to Gilchrist (hereinafter the 
"Gilchrist reference"). As the Fernando reference and the Gilchrist reference, whether taken 
alone or in combination, fail to teach or suggest all of the limitations of the rejected claims, the 
Applicant respectfully traverses this rejection, as hereinafter set forth. 

As discussed above, the Fernando reference does not teach or suggest all of the 
features of independent claim 1 (as amended herein) either directly or indirectly. It is 
respectfully submitted that the Gilchrist reference fails to cure at least the above-discussed 
deficiencies of the Fernando reference. More particularly, with respect to independent claim 1, it 
is respectfully submitted that the Gilchrist reference fails to teach or suggest displaying a prompt 
having both a request for password entry and an authentication graphic generated from a secret 
stored in a secure storage. Rather, the Gilchrist reference is cited for disclosing a method of 
receiving user input to select a secret. Accordingly, it is respectfully submitted that the Fernando 
and Gilchrist references, whether taken alone or in combination, fail to teach or suggest all of the 
features of claim 1 and, accordingly, of claims 7 and 8. 11 

10 KSR v. Teleflex, No. 04-1350, 127 S.Ct. 1727 (2007). 

11 See 37 C.F.R. § 1.75(c) (2006). 

CONCLUSION 

For at least the reasons stated above, upon entry of the proposed amendments, it is 
believed that claims 1, 4-9, 13, 15, and 18-22 will be in condition for allowance. As such, 
Applicants respectfully request entry of the proposed amendments, withdrawal of the pending 
rejections and allowance of the claims. If any issues remain that would prevent issuance of this 
application, the Examiner is urged to contact the undersigned - 816-474-6550 or 
btabor@shb.com (such communication via email is herein expressly granted) - to resolve the 
same. It is believed that no fee is due; however, the Commissioner is hereby authorized to 
charge any amount required to Deposit Account No. 19-2112, referencing attorney docket 
number MFCP. 140192. 

Respectfully submitted, 

/Benjamin P. Tabor/ 

Benjamin P. Tabor 
Reg. No. 60,741 

TLB/BPT/bp 

SHOOK, HARDY & BACON L.L.P. 

2555 Grand Blvd. 

Kansas City, MO 64108-2613 

816-474-6550 